Digital certificate, everything you need to know to request and install it in your browser

The digital certificate offers us the possibility of identifying ourselves, unequivocally, electronically and with full legal validity. There are different types of digital certificates, but the most important for most is the individual certificate. We will see everything you need to know to request and install the digital certificate on your computer.

How to apply for your digital certificate: Steps to follow

The application for digital certificate of natural person or citizen can be done online. The first step is to check if our browser is compatible and is correctly configured. To make the request FNMT guarantees full compatibility with Internet Explorer and Mozilla Firefox, if possible in its latest versions.

To make sure that the browser is correctly configured we have to follow a series of steps, but also have a utility that is responsible for automatically performing the whole process. After installing and restarting the computer we can start with the certificate request.

This way we avoid having to review all the configuration through the Control Panel, in the section of Internet Options. This is where, in the tab of contents, we will see the digital certificates that we have installed. To start in the Security tab, Trusted sites we have to enter a series of addresses that tell us. Also in the security level, you have to activate all the options of ActiveX. This would be useful for Internet Explorer since Mozilla may require the installation of some add-on or the root certificates of the FNMT.

Request the digital certificate

Once we have the browser well configured, we can proceed to request the software certificate through the Internet. If for any reason the Browser is not well configured or we try to make the request from another non-compatible, a notice will appear on the page and not the corresponding form.

The document is very easy to fill since it asks for very few data. Once completed we will arrive at the email, which we have registered, a message with our application number that will be associated with our DNI. We already have the first step, in the next we will have to prove our identity in person at one of the authorized offices. We must go with our application number and ID. Depending on the chosen body we may need to make an appointment.

All of the above would be required for the software certificate, because it is also possible to request a digital certificate on Android. It is important to know that if we request a certificate from the Android application and we already have another certificate issued by the FNMT installed in the browser, the latter will no longer be valid. The request process is similar to the computer software certificate, but is done from the FNMT Android application. What we will not get rid of is to have to prove our identity in person. So we can process through the different apps that the Ministries have available.

Install the digital certificate

A very important issue to keep in mind is that there should be no change in the operating system or browser since we made the request until we installed the certificate. That’s why it’s best to turn off updates during this time. The certificate must be downloaded and installed from the same browser as the request.

Once we have passed through the chosen office, to prove the identity, we will get to our email a message with a code through which we will be able to download and install our certificate. If everything goes well, after accepting the conditions, a window will appear in which the installation will proceed.

Here we must take into account that the certificate can only be downloaded for a limited time, so it is not enough to save the mail to re-download after a year. It is essential to make a backup, something that will also allow us to install it on other computers or browsers. Downloading and installing the certificate in Explorer does not mean that we can use it in all browsers. Firefox for example has its own certificate store.

Image Source: Google Image

I already have the certificate installed, how do I back it up?

Once we have our certificate installed, it is advisable to make a backup that we will save to an external USB drive or an external hard drive . It is about having it in a safe place in case we have to format the computer tomorrow or, simply, we want to have the certificate installed on more than one computer.

To do this we have to go back to the Control Panel, Internet Options, Content tab and choose Certificates . Select the one you want to export and simply click the Export button.

The first thing that appears to us is the Certificate Export Wizard. The first option is to ask us if we want to export the private key. This is a must have before you can import it correctly. In the following screen we have to choose some options:

Include all certificates in the certification path, which is marked by default

Delete the private key if the export is correct.

Export all extended properties.

Enable certificate privacy.

Just choose the first option that is already marked and click next. This screen will ask for a password that will be the one that we have to enter when we want to import the certificate. This password is an encryption key and will only be used when we want to install it in another browser. If we do not remember it we can not do it.

The following will tell you which path to save the certificate to and the name of the file. To import our file on a different computer, for example, we have to go to the option of Control Panel, Internet Options, Contents and Certificates as we did for export. Only this time will use the Import option.

After selecting the path where the file is located, the next step will be to enter the password that we believe in the moment. We can also check the following options:

Enable secure private key protection. This way, every time an application uses the certificate, a pop-up window will appear asking for confirmation. It’s safer, but in the long run it can be a bit heavier.

Mark this key as exportable. This allows us to also export this certificate and also prevents unauthorized persons from obtaining a copy of our digital certificate.

Including all extended properties is marked by default and should be marked.

After this step asks us where we want to include the certificate, which when being a natural person we choose Personal Certificate Store and, in this way, we already have our digital certificate installed on a new computer.

Finally there is an option to import the certificate into a cryptographic card, which we can also acquire in the FNMT. It is a card with a chip similar to the DNIe, in which up to 10 certificates can be stored. To import it we need to install, besides the card and its drivers, those of the card reader. This makes certificate management, although more secure, be cumbersome or non-operational, and is also one of the reasons why users prefer software certificates installed in the browser.

The digital certificate with Mac

Digital certificates can also be installed equally on Linux and Mac. In the case of Apple computers, certificates are stored on the keychain. Its installation is equal to or simpler than in Windows, although that yes, the request to the FNMT must be completed from Firefox, since Safari is not a compatible browser. Simply open the keychain utility and tell it to import the certificate from the location where we saved it.

It will also happen with many of the e-Administration pages, where the native Mac browser or Google Chrome is not the best option. In other cases, the page is displayed correctly and we can even access eGovernment with Safari, but at the time of signing a document do not work. In this case, Firefox is the most reliable option if we do not want to complicate our lives. There are different applications, such as the Ministry of Energy, Tourism and Digital Agenda to check if our browser is 100% compatible.

As far as iOS is concerned, the digital certificate can also be installed. Just send us an email to an address that we have configured on the device. Once we receive it, clicking on the file opens the wizard that will ask for the password with which we had exported and we have it ready.

Installing the digital certificate on Linux

In this case, the browser with which we have to make the request to the FNMT is Firefox, just like it happens in Mac. It is the only compatible option. In addition to performing the configuration manually, the first step will be to import the certificates of Root, FNMTClase2CA, AC Users, AC Representation, AC Public Administration and Computer Components Ac. These certificates are also required in Windows. For the case of Linux we have to click on the certificate, edit, preferences, advanced, encrypted or certificate and View certificates. Select the authorities tab and import.

If we want to export our installed certificate or import another, we have to go to Firefox configuration, Options, Advanced, Certificates, View certificates, where we will see the button to import the certificate or export it. In the first case the only thing that asks us is the password and it installs correctly.

Image Source: Google Image

What is the digital certificate for?

And now that we have the certificate, what can we do with it? The truth is that it allows us to sign a large number and different types of documents, such as PDFs. If we use Acrobat Reader, in its DC version, we go to Tools, Certificates and we will have the option to digitally sign. We just have to trace the area where we want our signature to appear and select the certificate to do so.

The file will be saved again, which will have a signed copy and not one. You can also digitally sign Word documents, for example, although it does not make much sense to sign a document that could be easily altered. In any case, it can be interesting if we want to verify that a series of users have read a document, for example.

In any case, there are many applications that allow us to sign all types of files and also do it in a massive way. One example is @signature, free and developed by the Ministry of Finance. In addition to allowing multiple file formats to sign, you have co-signature and counter-signature options.

Identification on the Internet with the digital certificate

But the truth is that one of the main reasons for getting a digital certificate is to be able to identify yourself through the Internet unequivocally. This allows us, for example, to access more securely the data of our bank and especially to the Electronic Administration.

Many of the procedures that involve tail hours and previous appointments can be made at any time, at any time and from the comfort of our home if we have a digital certificate. From the obtaining of a report of Life Work, a certificate of Penales or Birth, etc. And everything we have at the moment downloaded in our team.

Finally, in some cases, the download or presentation of documentation in the different electronic venues may require the use of the digital certificate to make an online signature with full legal validity. An example would be the collection of notifications that arrive us, from a traffic fine to the granting of a scholarship, for example. In this way, we are convinced that we have collected this notification; we have submitted a letter, etc.

Java, a headache for digital signature in e-government

In the latter case, many of the Electronic Seats in which we must sign require the installation of Java in our team. This is because to sign it is necessary to use a signature plugin that they have developed for the most part with this platform. If this add-on is not installed correctly, it cannot be signed.

This is a major headache in many cases. As with browser internet options, you must include the pages that we visit and where we want to sign on trusted Java sites. But also many times the domain of the page changes during the processing. This makes the use of electronic administration despite having a digital certificate is not as simple as it may seem.

At some point, it may be complicated, but the truth is that once installed correctly the amount of time that saves us makes the effort was worth it.